>>The IIS issue may be a great point, but VFP ain't IIS and there are no CodeRed-like worries with VFP!
>
>Why not? There are times when security risks in VFP itself can be threatening, or security risks exclusive to my product can be threatening, in both cases, I think that Full Disclosure would be as bad as it is with IIS.

When you know about the weaknesses of a product you can do something about it. If it's about security it'll be up to you to do something about it while waiting for an official patch.

The bad side is that everyone will know about the weaknesses. But at least everybody knows about it.

I prefer that to me reacting to a weakness that I did'nt know of but that some hacker found out.